CVE-2020-7255

EPSS 0.08%
Veröffentlicht 15.04.2020 13:15:13
Zuletzt bearbeitet 21.11.2024 05:36:56
Quelle trellixpsirt@trellix.com
CVE-Watchlists
Login
Unerledigt
Login

Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated privileges via ENS not checking user permissions when editing configuration in the ENS client interface. Administrators can lock the ENS client interface through ePO to prevent users being able to edit the configuration.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mcafee ≫ Endpoint Security Version10.5.0 SwPlatformwindows

Mcafee ≫ Endpoint Security Version10.5.1 SwPlatformwindows

Mcafee ≫ Endpoint Security Version10.5.2 SwPlatformwindows

Mcafee ≫ Endpoint Security Version10.5.3 SwPlatformwindows

Mcafee ≫ Endpoint Security Version10.5.4 SwPlatformwindows

Mcafee ≫ Endpoint Security Version10.5.5 SwPlatformwindows

Mcafee ≫ Endpoint Security Version10.6.0 SwPlatformwindows

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.249

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.4	1.8	2.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
nvd@nist.gov	3.6	3.9	4.9	AV:L/AC:L/Au:N/C:N/I:P/A:P
trellixpsirt@trellix.com	3.9	0.8	2.7	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://kc.mcafee.com/corporate/index?page=content&id=SB10309

https://nvd.nist.gov/vuln/detail/CVE-2020-7255

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-7255

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-7255

EUVD